/helix/users doesn't return info on Bearer token

oelna · April 24, 2021, 9:52pm

I’m having trouble getting info on the user of a specified Bearer token from the API. I thought I had it when I found this thread, but it turns out, authentication for once isn’t the culprit (presumably).

If I make a request (disclaimer: I’m using Curl and PHP for this) to /helix/users and provide a login query parameter, the API returns a JSON object containing the data, as expected.

// works fine
$curl = curl_init();
$url = 'https://api.twitch.tv/helix/users?login=forsen';
curl_setopt( $curl, CURLOPT_URL, $url );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, 1 );
curl_setopt( $curl, CURLOPT_HTTPHEADER, [
	'Authorization: Bearer 59ppyp<redacted>vaf7zrm',
	'Client-Id: jd07j<redacted>zcdle8'
] );

$response = json_decode( curl_exec( $curl ), true );
curl_close( $curl );

If I provide nothing, reading the docs I expected it to return info on the username associated with the Bearer token I’m sending as a header with the request. Instead I get a Status 400: Bad Request error and Must provide an ID, Login or OAuth Token.

// doesn't work
$curl = curl_init();
$url = 'https://api.twitch.tv/helix/users';
curl_setopt( $curl, CURLOPT_URL, $url );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, 1 );
curl_setopt( $curl, CURLOPT_HTTPHEADER, [
	'Authorization: Bearer 59ppyp<redacted>vaf7zrm',
	'Client-Id: jd07j<redacted>zcdle8'
] );

$response = json_decode( curl_exec( $curl ), true );
curl_close( $curl );

The weird thing is: if I do the same request via Javascript fetch, again providing no query parameters, the request works!

What could be going wrong here?

BarryCarlyon · April 24, 2021, 9:55pm

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true)

and

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1)

are the same thing

That would suggest the token specified here is an App Access Token.

Where did you run the request? In a console on Twitch or in JS client side code on your own server? (If console on Twitch cookies may have interferred)

You can also run/test your token against the validate endpoint Authentication | Twitch Developers :


    $ch = curl_init('https://id.twitch.tv/oauth2/validate');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Authorization: OAuth ' . $_SESSION['token']->access_token
    ));

    $r = curl_exec($ch);
    $i = curl_getinfo($ch);

    curl_close($ch);

And check $r to check your token type to see if it returns a user ID in the response.
That’ll help determine what kind of token you have

wax_ex · April 24, 2021, 9:56pm

What is your Oauth Procedure ?

OAuth Client Credentials Flow ?

wax_ex · April 24, 2021, 9:58pm

You can’t get user information with an app token you need to have an user oauth like
OAuth Implicit Code Flow or OAuth Authorization Code Flow

BarryCarlyon · April 24, 2021, 9:59pm

That is what I just said yes. You can get other users, but you can’t get the tokens user, as the token doesn’t have a user.

system · May 24, 2021, 10:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.